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[57] ABSTRACT 

Electronic signature apparatus and method provide an elec- 
tronic signature that can be created only by a signer, but 
cannot be used for other than the signature object document 
to be processed, and that can be verified and authenticated 
as an image. Since the verified result is an image, such as a 
print of a seal and a signature, the verifier can easily verify 
the validity of the image. In addition, since a signature image 
and a signature object document may separately be 
processed, combined, and decomposited upon decryption, 
they can effectively be used for a printed signature. 

14 Claims, 3 Drawing Sheets 
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ELECTRONIC SIGNATURE METHOD AND To solve such drawbacks of the related art reference, a 

APPARATUS third aspect of the present invention is an electronic signa- 

ture apparatus* comprising first input means for inputting a 
This application is a continuation of application Ser. No. signature document, second input means for inputting public 
08/364,042, filed Dec. 27, 1994 now abandoned. 5 information of a signer, third input means for inputting a 

signature object document to be signed, transforming means 
BACKGROUND OF THE INVENTION for transforming the signature document with the public 

1. Held of the Invention information, hashing means for hashing the signature object 
* , - , * . . document to be signed so as to generate a hash value. 

The present invention relates to a method for signing an 10 signamre ^ gcneratmg mcans for transforming the 

electronic document in the same manner as a plain paper ^^ed signature document with the hash value so as to 

document and an apparatus thereof. generate a signature image, and output means for outputting 

2. Description of the Related Art the signature image. 

Conventional cryptosystems can be categorized as secret- According to the present invention, a signature image is 

key cryptosystems and public-key cryptosystems. An 15 encrypted with a combination of a public-key cryptosystem 

example of the latter is the RSA cryptosystem used for and a secret-key cryptosystem. The techniques of the public- 

digital signatures. The RSA cryptosystem is disclosed in, for key cryptosystem and hash function is described in "Theory 

example, U.S. Pat No. 4,405,829. The RSA cryptosystem is of Modern Cryptographic Techniques (translated title)" (by 

based on power-residual operations, which require a large Ikeno and Oyama, The Institute of Electronics, InformaUon 

number of arithmetic operations. In addition, the security of 20 Communication Engineers, Japan, 1986). Next, the 

the RSA cryptosystem has not been strictly proved. secret-key cryptosystem and public-key cryptosystem will 

In the conventional signing method, the validity of a be described in brief by using symbols used in this descrip- 

signature is judged and is determined and after that, a tion. 

message that represents whether the signature is valid or The secret-key cryptosystem is a technique where the 

invalid is supplied to a verifier: 25 same key is used for both encryption and decryption. There 

In such a method, there are two drawbacks. As the first is the following relation between an encrypting function fl 

drawback, the user cannot know whether the validity of a and a decrypting function £2. 
signature was actually verified by the system or a message 

that represents the validity was forged and merely presents ^ K > =M 

a display described 'Validity". As the second drawback, 30 where M is a message; and K is a secret key. 

when the electronic signature is printed on a paper, the user Without secret key K, it is difficult to decrypt message M 

cannot know and confirm whether or not the document was from an encrypted document C=fl(M, K). 

created by the signer and so whether or not the signature In addition, there is the following relation among an 

document is valid. ^ encrypting function gl, a decrypting function g2, an 

SUMMARY OF THE INVENTION encrypting (secret) key S, and a decrypting (public) key P. 

To solve such drawbacks of the related art reference, a VA:g2(gl(A, sx P)=a 

first aspect of the present invention is an electronic signature where A is a message; S is an encrypting secret key; and P 

method having a first step and a second step, the first step 40 is a decrypting public key. 

comprising inputting a signature image of a signer, a sig- With one of the decrypting public key P and the encrypt- 

nature object document to be signed, and secret information ing secret key S, It is exceedingly difficult to obtain the other 

of the signer, hashing the signature object document to be (S or P). 

signed so as to generate a hash value, transforming the For the theory of cryptosystems, the following reference 

signature image with the hash value, and transforming the 43 documents are available: 

transformed signature image with the secret information so "Computer Communications Securities — Principles, 

as to generate a signature document, and the second step Standard Protocols and Techniques**, by Warwick Ford, PRT 

comprising inputting the signature document, a signature Prentice Hall. Inc. 

object document to be signed, and signer's public "Theory of Modern Cryptographic Techniques 

information, transforming the signature document with the 50 (Translated title)", by Shinich Ikezawa and Kenji Oyama, 

public information, hashing the signature object document The Institute of Electronics, Information and Communica- 

to be signed so as to generate a hash value, and transforming tion Engineers, Japan. 

the transformed signature document with the hash value so "Introduction to Theory of Cryptographic Techniques 

as to generate a signature image. (Translated title)", by Eiji Okamoto, Kyoritsu Publishing 

To solve such drawbacks of the related art reference, a 55 Company, 1993. 

second aspect of the present invention is an electronic These and other objects, features and advantages of the 

signature apparatus, comprising first input means for input- present invention will become more apparent in light of the 

ting a signature image of a signer, second input means for following detailed description of best mode embodiments 

inputting a signature object document to be signed, third thereof, as illustrated in the accompanying drawings, 

input means for inputting secret information of the signer, 60 

hashing means for hashing the signature object document to BRSEF DESCRIPTION OF THE DRAWINGS 

be signed so as to generate a hash value, t™sfc*raing means FIGS, la and lb show process flows according to first, 

for transforming the signature image with the hash value, a second, and third aspects of the present invention, where 

signature document generating means for transforming the FIG. la is a flow chart showing a process for encrypting a 

transformed signature image with the secret information so 65 signature document and FIG. lb is a flow chart showing a 

as to generate a signature document, and output means for process for decrypting the encrypted signature document 

outputting the signature document and generating a signature image; 
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FIG. 2 is a Mock diagram showing an apparatus for G^tXB, H) 

encrypting a signature image and a signature object docu- ^ signflture generatioil and the verification thereof 

ment to be signed according to the second aspect of the m C0TOcdy performed, the following relation is satisfied to 
present invention; and ^ signature image G. 

FIG. 3 is a block diagram showing an electronic signature 5 
apparatus for decrypting an encrypted signature document G*=o 

according to a third aspect of the present invention. ^ sjgDaturc image G ^ restored. The result of the 

DESCRIPTION OF PREFERRED signature verification is output to the display of a computer 

EMBODIMENTS io or onto a sheet of paper so as to aUow the user to verify and 

authenticate the signature. 

Before explaining preferred enibodiments of the present if the secret key of the signer is incorrect or the signature 
invention, the theory of operation of the present invention document is used for other than the signature object docu- 
will be described. ment to be processed, the following relation takes place. 

According to the present invention, a signature image G 15 
is input as a mess age. The signature image is digital infor - 

nmiion of, fo r example, a print of a sea l or a written Thus, the signature document cannot be restored and the 
signature . When a signature object 'document is signed, thc^ signature image G cannot be restored. Generally, G* is a 
signature image may be input through an input device suc h random image. Consequently, when the signature image is 
as a scanner or be s tored as digital information in. for 20 correctly restored, it is verified and authenticated that the 
exam ple, an electroni c file. signer signed to the signature object document 

""Next, the method for generating a signature document According to the present invention, the signature docu- 
will be described. At first, a hash value of a signature object ment is generated and verified corresponding to the above- 
document to be signed is generated. The signature object mentioned theory. 

document to be signed is denoted by the signature object 25 Next, preferred embodiments of the present invention will 
document M. be described. 

FIG. la and lb show process flow charts according to 
H=faash(M) first, second, and third aspects of the present invention. FIG. 

, , _ _ 2 is a block diagram showing an apparatus for encrypting a 

where "hash" is a hash function such as MD5 message- ^ signaturc ^ a signature object document to be 

digest algorithm. . ^ according to ^ second aspect of the present inven- . 

Thereafter, a signature image G is encrypted with a key of HG 3 {% & Wock ^agram showing an electronic 1 

the hash value H corresponding to a secret-key cryrXosys- ^ a ^ iratus for accrypting an encrypted signature 
tern. Then an encryption function A is transformed with the adding to a third aspect of the present inven- 

ts value H 35 tion. Next, with reference to FIGS. la. It, Z and 3, the first, 

A=fl(o H) second, and third aspects of the present invention will be 

described. 

Thereafter, the encryption function A is encrypted with a in FIG. 2, reference numeral 11 is a signature image input 
secret-key S that a signer has in secret by using a method of means. The signature image input means 11 inputs a signa- 
a public-key cryptosystem. Then a encryption function X is 40 ture image such as a print of a seal, a written signature, a 
showed by next expression. fingerprint, or the like in digital form, Hie signature image 

G is sent to a signature image transforming means 15. 

x=gt(A. S) Reference numeral 12 is a signature object document input 

where X is a signature document Since X uses the hash means. The signature object document Mnput* jneam MB 
value of the document M. a signature document depends on 45 inputs r signature object document M to beamed in digiud 
a signature object document fo be processed and so if the form The signature object document ^ be signed fe sert 
signaturc object document, M. is different, the signature to a bashing means 14. Referencenumeral 13 . -asigner s 
doWnt. X will be different from other signature docu- informal mpu means. The signer s secret infer- 

rn^To generate a signature document star* the secret- mation input means 13 inputs a secret key of a super and 
key S of the signer is used, peoples other than the signer » sends it to a signage document generaung means M. 
annot correctly create the signature document X. Accordingly at step SU of FIG. U. the agnature image G. 

T*t signature is verified foVauser authentication in the the secret information of signer S and the signature object 
following manner. First, the signature document X is document M are inputted. . . . ^ 

£cr3 with the pubnc-keyP corresponding to a method When the hashing means 14 receives the sig^ture objea 
rfSc-key cryrLsystem So, a decryption function B is » document to be ngned from the signature object document 
ui a yuwuv m^j v* JF w j Jr mcans ^ the hashing means 14 generates a hash value 

following. H of ftc signature object document M to be hashed with a 

b=#<x, P) predetermined hash function and sends the hash value H to 

the signature image transforming means 15. Accordingly at 
When the signature generation and the verification ^ thereof w step S12 piG. la, the next step is to generate the hash 
are correctly performed, the following relation is satisfied to value jj to be hashed with the predetermined hash function, 
the encryption function A. The signature image transfonning means 15 encrypts the 

signature image G received from the signature image input 

A ~ D means 11 with a key of the hash value H received from the 

Thereafter, the decryption function B is decrypted with a key 65 bashing means 14 coiTOrx)nding to a method of a secret-key 
of the hash value H of the document M corresponding to a cryptosystem and sends the encrypted result to signature 
method of the secret-key cryptosystem. document generating means 16. Accordingly, at step S13 of 
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FIG. la, a transform value is generated from the signature 
image G to a encryption function A with the hash value H 
according to the encrypted function A=fl(G f H). 

The signature document generating means 16 receives the 
encrypted result from the signature image transforming 
means 15 and encrypts the encrypted result with a key 
received from the signer's secret information input means 13 
corresponding to a method of a public-key crypto system and 
generates a signature document X. The generated signature 
document is sent to a signature document output means 17. 
Accordingly, at step S14 of FIG. la, a signature document 
is generated according to the encryption function X=gl(A, 
S). 

The signature document output means 17 receives the 
signature document X from the signature document gener- 15 
ating means 16 and outputs the signature document X to the 
outside of the apparatus (accordingly, step SIS of FIG. la 
outputs the signature document X). The encrypting appara- 
tus of the electronic signature apparatus sends digital infor- 
mation of the signature document X and the signature object 20 
document M to be signed as composite digital information 
to a decrypting apparatus. 

Next, with reference to FIG. 3, a decrypting apparatus that 
decrypts encrypted data according to the present invention 
will be described. 

In FIG. 3. reference numeral 20 is a distributor that 
distributes the above-mentioned composite digital informa- 
tion. The composite digital information are seperated into 
the signature document X and the signature object document 
M by the distributor 20. 

Reference numeral 21 is a signature document input 
means. The signature document input means 21 inputs the 
signature document X as digital information and sends it to 
a signature document transforming means 24. Reference 
numeral 22 is a signer* s public information input means. The 35 
signer's public information input means 22 inputs a public 
decrypting key P of a signer and sends it to the signature 
document transforming means 24. Reference numeral 23 is 
a signature object document input means. The signature 
object document input means 23 inputs a signature object 40 
document M to be signed in digital form and sends it to a 
hashing means 25. Accordingly, at step S21 of FIG. lb, the 
signature document X. the public decrypting key P, and the 
signature object document M are inputted. 

The signature document transforming means 24 decrypts 45 
the signature document X received from the signature docu- 
ment input means 25 with the decrypting key received from 
the signer's public information input means 22 correspond- 
ing to a method of a public-key oryptosystera and sends the 
decrypted signature document B to a signature image gen- so 
erating means 26, Accordingly at step S22 of FIG. lb, the 
signature document is transformed and the decrypted sig- 
nature document (transformed value) B=g2(X, P) is gener- 
ated. 



25 



30 



27. Accordingly at step S24 of FIG. lb, the signature image 
is generated according to the decryption function G=f2(B, 
H). 

The signature image output means 27 receives the signa- 
ture image G from Che signature image generating means 26 
and outputs it to the outside of the decryption apparatus. 
Accordingly at step S25 of FIG. lb, the signature image G 
is outputted. After that, the signature image G Is verified and 
authenticated by the user. 

According to the present invention, an electronic signa- 
ture that can be created only by a signer, that cannot be used 
for other man the signature object document to be processed, 
and that can be verified as a result of signature verification 
of a signature image is accomplished. According to the 
present invention, since the verified result is an image such 
as a print of a seal and a signature, the verifier can easily 
verify the validity of the signature image. In addition, since 
a signature image and a signature object document are 
separately processed and combined at sending to the decryp- 
tion apparatus, they can be effectively printed. 

Although the present invention has been shown and 
described with respect to best mode embodiments thereof, it 
should be understood by those skilled in the art that the 
foregoing and various other changes, omissions, and addi- 
tions in the form and detail thereof may be "M ^e therein 
without departing from the spirit and scope of the present 
invention. 

What is claimed is: 

1. An electronic signature method having an encryption 
step and a verification step, wherein said encryption step 
comprises the steps of: 

(a) inputting a signature image of a signer, a signature 
object document to be signed, and secret information of 
the signer; 

(b) hashing the signature object document to generate a 
hash value; 

(c) encrypting the signature image with the hash value 
generated by said hashing step (b); and 

(d) encrypting the encrypted signature image in accor- 
dance with the secret information to generate a signa- 
ture document; 

and wherein said verification step comprises the steps of: 

(e) inputting the signature document, the signature 
object document, and public information of the 
signer; 

(f) decrypting the signature document to generate a 
decrypted signature document in accordance with 
the public information; 

(g) hashing the signature object document to generate 
a hash value; and 

(h) decrypting the decrypted signature document with 
the hash value generated by said hashing step (g) to 
generate a restored signature image. 

2, The electronic signature method as set forth in claim 1, 



The hashing means 25 receives the signature object 53 wherein the step (c) is performed by encrypting the signature 

document from the signature object document input means image with the hash value corresponding to a method of a 

23, generates a hash value H of the signature object docu- secret-key cryptosystem, 

ment with a predetermined hash function, and sends the hash 3. The electronic signature method as set forth in claim 1, 
value H to the signature image generating means 26. wherein the step (d) is performed by encrypting the 
Accordingly, at step 23 of FIG. lb, the next step is to €0 encrypted signature image with the secret information car- 
generate the hash value H=hash (M). responding to a method of a public-key cryptosystem. 

The signature image generating means 26 receives the 4. The electronic signature method as set forth in claim 1, 

decrypted information from the signature document trans- wherein the step (f) is performed by decrypting the signature 

forming means 24, decrypts it with the hash value received document with the public information corresponding to a 

from the hashing means 25 corresponding to a method of 65 public-key cryptosystem. 

secret-key cryptosystem, restores a signature image, and 5. The electronic signature method as set forth in claim 1, 

sends the signature image to a signature image output means wherein the step (h) is performed by decrypting the 
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decrypted signature document with the hash value corre- 
sponding to a secret-key cryptosystem, 

6. The electronic signature method as set forth in claim 1, 
wherein the signature image is a print of a seal, a written 
signature, or a fingerprint 

7. An electronic signature apparatus, comprising: 
first input means for inputting a signature image of a 

signer; 

second input means for inputting a signature object docu- 
ment to be signed; 

third input means for inputting secret information of the 
signer; 

hashing means for hashing the signature object document 
to generate a hash value; is 

encrypting means for encrypting the signature image with 
the hash value generated by said hashing means; 

signature document generating means for encrypting the 
encrypted signature image in accordance with die 
secret information to generate a signature document; 20 
and 

output means for outputting the signature document 

8. The electronic signature apparatus as set forth in claim 
7, wherein said encrypting means encrypts the signature 
image with the hash value corresponding to a secret-key 
cryptosystem. 

9. The electronic signature apparatus as set forth in claim 
7, wherein said signature document generating means 
encrypts the encrypted signature image with the secret ^ 
information corresponding to a public-key cryptosystem to 
generate the signature document 

10. The electronic signature apparatus as set form in claim 
7. wherein the signature image is a print of a seal, a written 
signature, or a fingerprint 35 

11. An electronic signature apparatus, comprising: 
first input means for inputting a signature document; 
second input means for inputting public information of a 

signer; 

third input means for inputting a signature object docu- 40 

ment to be signed; 
decrypting means for decrypting the signature document 

in accordance with the public information; 
hashing means for hashing the signature object document 

to generate a hash value; 
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image generating means for decrypting the decrypted 
signature document with the hash value to generate a 
signature image; and 
output means for outputting the signature image. 

12. The electronic signature apparatus as set forth in claim 
11, wherein said decrypting means decrypts the signature 
document with the public information corresponding to a 
public-key cryptosystem. 

13. The electronic signature apparatus as set forth in claim 
11, wherein said image generating means decrypts the 
decrypted signature document with the hash value corre- 
sponding to a secret-key cryptosystem to generate the sig- 
nature image. 

14. An electronic signature apparatus, comprising: 
first input means for inputting a signature image of a 

signer; 

second input means for inputting a signature object docu- 
ment to be signed; 
third input means for inputting secret information of the 
signer; 

first hashing means for hashing the signature object 

document to generate a first hash value; 
encrypting means for encrypting the signature image with 

the first hash value; 
signature document generating means for encrypting the 
encrypted signature image in accordance with the 
secret information to generate a signature document; 
first output means for outputting the signature document 

and the signature object document; 
fourth input means for inputting the signature document; 
fifth input means for inputting public information of the 
signer; 

sixth input means for inputting the signature object docu- 
ment; 

decrypting means for decrypting the signature document 

in accordance with the public information; 
second h*sh?"g means for hashing the signature object 

document to generate a second hash value; 
image generating means for decrypting the decrypted 
signature document with the second hash value to 
generate a restored signature image; and 
second output means for outputting the restored signature 
image. 

***** 
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